15. Edit the auth.conf file on each puppet master so inventory can pick up facts.

Make sure the following is set on each puppet master.

path /facts
method find
auth any
allow *

path /inventory
auth any
method search, find
allow dashboard

# deny everything else; this one is not strictly necessary, but it has the merit of showing the default policy, which is deny everything else
path /
auth any

Note: The config for /facts and /inventory must go above the config for `path /` – otherwise you may get an access forbidden 404 error message when running the inventory service on puppet-dashboard.

16. Restart apache on puppet masters

service httpd restart

17. On the puppet dashboard server, turn on and configure the inventory service and cutoff time

vi /usr/share/puppet-dashboard/config/settings.yml
# The "inventory service" allows you to connect to a puppet master to retrieve node facts
enable_inventory_service: true
# Hostname of the inventory server.
inventory_server: 'puppet'
# Port for the inventory server.
inventory_port: 8140
# Amount of time in seconds since last report before a node is considered no longer reporting
no_longer_reporting_cutoff: 43200

Connect to the puppet-dashboard web UI. Run puppet agent --test on the puppet-dashboard server and you should see the puppet nodes report in to the puppet dashboard.

Once you have done all of this and checked that the puppet dashboard is working correctly, I would reboot the Linux box to make sure puppet dashboard comes back up after a reboot, whether that is caused by an OS failure or by someone rebooting the box. It is up to you, but recommended.
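The ordering rule from step 15 can be checked mechanically before Apache is restarted. The following is an added example, not part of the original procedure: the function name check_auth_conf, its finding labels and the sample input are made up for illustration. It fails when /facts or /inventory is missing or declared after `path /`, and lists any stanza that pairs `auth any` with `allow *` (open to every client) so it can be reviewed.

```shell
# Added example (not from the original page): lint a Puppet auth.conf.
# check_auth_conf FILE  (use "-" for stdin). Exit 0 when /facts and /inventory
# are both declared before the catch-all "path /", exit 1 otherwise.
check_auth_conf() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }              # skip blank lines and comments
        $1 == "path" {
            cur = $2; n++
            if (!(cur in pos)) pos[cur] = n        # remember first stanza per path
            next
        }
        $1 == "auth"               { auth[cur] = $2 }
        $1 == "allow" && $2 == "*" { star[cur] = 1 }
        END {
            bad = 0
            split("/facts /inventory", need, " ")
            for (i = 1; i <= 2; i++) {
                p = need[i]
                if (!(p in pos)) {
                    print "MISSING: no stanza for " p; bad = 1
                } else if (("/" in pos) && pos["/"] < pos[p]) {
                    print "SHADOWED: " p " comes after the catch-all path /"; bad = 1
                }
            }
            # Open stanzas are reported for review but do not fail the check.
            for (p in star)
                if (auth[p] == "any") print "REVIEW: " p " pairs auth any with allow *"
            exit bad
        }
    ' "$1"
}

# Constructed sample: the stanzas from step 15, but with "path /" placed first.
sample_misordered() {
    cat <<'EOF'
path /
auth any
path /facts
method find
auth any
allow *
path /inventory
auth any
method search, find
allow dashboard
EOF
}

sample_misordered | check_auth_conf - || echo "auth.conf needs reordering"
```

On a puppet master it would be run as check_auth_conf followed by the path to that master's auth.conf, with the restart in step 16 done only when it exits 0.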

It just makes sense to use the puppet database in your puppet environment. It is used to store the inventory facts about every node in your puppet environment, and as this can be big, you need a good back-end database which can handle it. Here is how I installed puppet DB.

There are no special requirements for SELINUX when installing puppet DB. Keep SELINUX set to enforcing mode.

This is environment specific depending on the bridges you need to create to let the puppet master communicate to its various networks. Port 8140 needs to be open on the puppet master for each interface you have added, specifying the source networks and interface adapter as applicable. Below is an example taken from the UK Cressex LAB puppet master deployment. All IPTABLES information is covered later in the document under the configured puppet environments section.

Jenkins is one of my favourite open source tools. It must also be one of the most flexible

You can set up Jenkins to monitor your Gitlab project for any changes. If Jenkins sees any commits to the master repo, Jenkins will execute a build script and run any customised scripts. Here is how to set this up.

Set up a project in Gitlab. This will be your git repo.

Create your git repo using a git client on a Linux box of your choice.

Configure Jenkins job to poll the git repo and to run a build script if there are any changes.

Set up a Jenkins job and specify the following under source code management

note: The repository URL can be obtained from gitlab as shown below

Setting up build triggers

Under build triggers, select Poll SCM and set a Schedule. The schedule is in cron format and can be set as desired. Here we have set Jenkins to poll the git repo every 5 minutes for changes.

Note: Once the job is setup, you can click on the

Here you will see the git polling working as shown below:

SSH keys and sudo access

We will need to set up ssh keys and sudo access for the jenkins_admin user, which is used to log on to the puppet masters to synchronise the manifests and modules. To set up the keys, run the following commands on the jenkins box.

1 – Log in as jenkins_admin@jenkins on the jenkins server

2 – Run the following command to drop into the jenkins user

sudo -s -H -u jenkins

3 – Run the following to set up the ssh key pair

$ cd ~/.ssh/
$ ssh-copy-id -i id_rsa.pub jenkins_admin@puppet-server

Note: puppet-server is the puppet master you need to sync the manifests on.

4 – Configure sudo on the puppet-master so jenkins_admin is not prompted for the password. Note that you can use a manifest to configure sudo via puppet.

On the puppet-server (as root):

sudo visudo
...
jenkins_admin ALL= NOPASSWD:/usr/bin/rsync

Make sure you repeat this process on each puppet-server you wish to configure sudo and ssh keys for.